OpenSSH bugs allows Man-in-the-Middle and DoS Attacks

Two OpenSSH vulnerabilities could allow machine-in-the-middle (MitM) and denial-of-service (DoS) attacks under certain conditions. The Qualys Threat Research Unit (TRU) has discovered two vulnerabilities in OpenSSH. The first, tracked as CVE-2025-26465 (CVSS score: 6.8) can be exploited by an attacker to conduct an active machine-in-the-middle attack on the OpenSSH client when the VerifyHostKeyDNS option is enabled. The […]

New OpenSSH flaws expose SSH servers to MiTM and DoS attacks

bleepingcomputer.com - 18/Feb 17:07

OpenSSH has released security updates addressing two vulnerabilities, a man-in-the-middle (MitM) and a denial of service flaw, with one of the flaws...

Microsoft fixed actively exploited flaw in Power Pages

securityaffairs.co - 20/Feb 11:20

Microsoft addressed a privilege escalation vulnerability in Power Pages, the flaw is actively exploited in attacks. Microsoft has addressed two...

Apache James Denial-of-Service Vulnerabilities

thecyberthrone.in - 08/Feb 13:22

The Apache James Mail Server has recently been identified as vulnerable to two distinct Denial-of-Service (DoS) attacks, tracked as CVE-2024-45626 and...

Palo Alto Networks warns that CVE-2025-0111 flaw is actively exploited in attacks

securityaffairs.co - 20/Feb 06:32

Palo Alto Networks warns that the vulnerability CVE-2025-0111 is actively exploited with two other flaws to compromise PAN-OS firewalls. Palo Alto...

Apple fixes iPhone and iPad bug exploited in ‘extremely sophisticated attacks’

securityaffairs.co - 10/Feb 22:41

Apple released iOS and iPadOS updates to address a zero-day likely exploited in extremely sophisticated attacks targeting specific individuals. Apple...

OpenSSL patched high-severity flaw CVE-2024-12797

securityaffairs.co - 11/Feb 21:33

OpenSSL patched the vulnerability CVE-2024-12797, a high-severity flaw found by Apple that enables man-in-the-middle attacks. The OpenSSL Project...

Attackers exploit a new zero-day to hijack Fortinet firewalls

securityaffairs.co - 11/Feb 23:06

Fortinet warned of attacks using a now-patched zero-day vulnerability in FortiOS and FortiProxy to hijack Fortinet firewalls. Fortinet warned that...

Microsoft Patches Actively Exploited Power Pages Privilege Escalation Vulnerability

itsecuritynews.info - 20/Feb 05:31

Microsoft has released security updates to address two Critical-rated flaws impacting Bing and Power Pages, including one that has come under active...

Critical OpenSSL Vulnerability Let Attackers Launch Man-in-the-Middle Attacks

itsecuritynews.info - 12/Feb 05:32

A high-severity security vulnerability (CVE-2024-12797) has been identified in OpenSSL, one of the most widely used cryptographic libraries. The flaw...

CISA Warns of Apple iOS Vulnerability Exploited in Wild

itsecuritynews.info - 17/Feb 14:07

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about a critical zero-day vulnerability in Apple iOS and...

Rubriques :